Inspector General points out serious security gaps in how FBI manages storage media
An audit found that the FBI fails to properly track hard drives and other storage materials containing sensitive information.
The U.S. Office of the Inspector General (OIG) recently completed an audit of the FBI’s inventory management processes. During that review, inspectors identified several severe weaknesses in inventory management and disposal procedures for storage media containing sensitive and classified information.
The OIG, a separate part of the Department of Justice from the FBI, published a report outlining the audit findings. That report outlines multiple problems with how the FBI addresses tracking its inventory of storage devices and its security when destroying those devices.
The weaknesses identified by the OIG’s audit pertain to electronic storage media containing sensitive but unclassified (SBU) data and classified national security information (NSI.) These problems involved tracking or accounting for the storage devices and consistently labeling the storage media with the appropriate security clearance classification labels.
According to the report, the FBI’s “lack of accountability of this electronic storage media is compounded by inadequate internal physical access and security controls at the Facility, potentially placing these media at risk of loss or theft without the possibility of detection.”
The inspectors further noted that the FBI is inconsistent in accounting for electronic storage material like hard drives, floppy drives, USB thumb drives, and other storage media after they’re removed from devices. The FBI affixes asset tags to the computers themselves but not the storage devices.
In some cases, inspectors found that FBI staff at the storage facility had received computers and servers lacking their internal storage devices and neglected to question why these were removed or what had happened to them. The OIG identified several non-functioning surveillance cameras at the storage facility, further increasing the risk of compromised data.
The FBI responded to the OIG audit report by agreeing with the identified weaknesses. The agency is revising its protocols for dealing with electronic storage media and making facility improvements to better secure and track the devices.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Among those improvements, the FBI storage facility has installed steel cages to store pallets and boxes of storage media. The agency is also upgrading surveillance cameras throughout the facility to ensure coverage of the cages and other sensitive areas.
Jeff Butts has been covering tech news for more than a decade, and his IT experience predates the internet. Yes, he remembers when 9600 baud was “fast.” He especially enjoys covering DIY and Maker topics, along with anything on the bleeding edge of technology.
Zero-day Windows NTLM hash vulnerability gets patched by third-party — credentials can be hijacked by merely viewing a malicious file in File Explorer
US govt says Cisco gear often targeted in China's Salt Typhoon attacks on 8 telecommunications providers — issues Cisco-specific advice to patch networks to fend off attacks